Communication systems based on self-organizing entities that build up the network without needing or relying on a pre-established infrastructure represent a challenging scenario that will play an important role in society and the economy by providing opportunities for the creation of ad hoc networks and services. However, for these services to be successful, they must rely on a network that is secure. The increased sensitivity of mobile ad hoc networks (MANETs) compared with dedicated networks like the Internet derives from the lack of nodes with a predefined role that are responsible for network operation. Initially, applications of ad hoc networks were envisioned mainly for crisis situations (e.g., in battlefields or in rescue operations). In these applications, all the nodes of the network belong to a single authority (e.g., a single military unit or a rescue team) and have a common goal. However, wireless technologies have significantly improved in recent years and low-cost devices based on the 802.11 standard have invaded the market. As a consequence, the deployment of ad hoc networks for civilian applications has become realistic. In these networks, nodes typically belong neither to the same organizational structure nor to a single authority, and they do not pursue a common goal. The lack of an a priori trust relationship between the members of the network makes security an essential component for the realistic deployment and use of such open networks.
In this thesis we address the security issues raised by open ad hoc networks. We first investigate the impact of several threats that have often been neglected by the research community when designing ad hoc routing protocols in which all participants were inherently trusted. While these threats can be considered in line with the experience gathered through the study of a variety of attacks on routing protocols for classical networks, in this thesis we point out and analyze a new type of misbehavior that we call node selfishness, specific to the highly cooperative environment offered by the ad hoc networking paradigm. A simulation-based analysis conducted in our laboratories revealed that node cooperation is essential because, unlike networks using dedicated nodes to support basic functions like packet forwarding, routing, and network management, in ad hoc networks those functions are carried out by all available nodes. However, there is no reason to assume that nodes will participate in the network operation, especially in a battery-powered environment such as a MANET.
We present the state of the art of basic security services for ad hoc networks, ranging from secure routing protocols to key-management services, and we focus on the various types of cooperation enforcement mechanisms available in the literature. Our research pointed out two challenging research directions that we further investigated in the remainder of the thesis: the novelty of cooperation requirements and the difficult task of providing security associations without the support of an external infrastructure.
We thus propose a cooperation enforcement mechanism based on an original reputation system that we call CORE. We then propose a detailed validation of the CORE mechanism using two different methodologies: in the first method, we use a classical network simulation tool to infer the basic properties of CORE. We then extend our work to cope with a sophisticated model of node selfishness that takes into account end-users' "rationality" when operating the nodes. Our validation study shows that CORE is an effective and robust mechanism that stimulates cooperation of selfish nodes; furthermore, through the evaluation of nodes' energy consumption, we provide evidence that CORE also offers incentives for legitimate nodes to use it as a cooperation mechanism, in that they can save a non-negligible amount of energy.
We conclude the thesis by proposing a novel authentication scheme for mobile ad hoc networks that does not rely on a pre-established network infrastructure and that does not require any shared organization between the users of the network. In our scheme, a lightweight bootstrap phase is necessary for a node entering the network: by contacting an authentication server, a node is able to locally generate authentication credentials that are globally verifiable in the network without the need for the distribution of public key certificates. We also propose a practical use of our scheme as a complementary key distribution scheme that enables the authentication services demanded by secure routing protocols available in the literature.